Months After Hacks, DHS Sends a Warning About Hospital Ransomware (vice.com)
An anonymous reader writes: Since February, at least a dozen hospitals have been affected by ransomware, malware that encrypts a victim's files until they cough up a bounty to the hackers. In response, US-CERT, the country's Computer Emergency Readiness Team, issued an alert on March 31 warning potential victims of the risks, and how to protect themselves. But, considering that some hospitals have already had to divert emergency services, push high-risk operations to future dates, and even turn away some patients, is the alert too little, too late?
Contents of warning email from "CERT" (Score:5, Funny)
Hello, my name is Mandori Tugelli, and I am a foreign national from the country of Nigeria. With great sadness and events my great uncle has passed away. To help in my sorrow I have learned that my uncle has left me a very large inheritance. Unfortunately to collect this money I require the help of a USA business such as yours because my uncle left all his funds in US Dollars. If you could kindly click the link provided below and fill out the banking information for you business I will gladly offer you 50% of the proceeds for helping me collect my inheritance.
Kind Regards,
Mr. Mandori Tugelli
Re: (Score:2)
Thank you Manjeet. Here is my banking info.
111101000111111111000000 000111111111110000 000000011111111111111110000 0000011010000111000000000000011100 0001101000011100000000110100001 1100000000110100001110000000011010000111 0000000011010000111000000001 1010000111000000001101000011100000
Re: (Score:1)
Mandori Tugelli,
After our bill, your uncle's inheritance is -$50K and we are willing to waive the -$50K. Sorry for your loss.
Re: (Score:2)
I am currently having an email conversation (it has gone on for almost two weeks now) with some Chinese spammer. So far, so good but I'm not really sure where to go with it. They make glass doors. I'm thinking about having them send me a sample.
Re: (Score:2)
I really have 'em on the hook, too. I've not once lied to them - I'm kind of keen on that. I do, in fact, know not just one but two people who are involved in building materials at the retail outlet and both of those people actually own, in part or in whole, the companies to which I refer.
Both of them do, in fact, sell windows and doors.
One of them is actually fairly large for that physical area - they've got multiple locations across the State of Maine. They're Hammond Lumber and Ware-Butler. Although the
Re: (Score:3)
ALERT: The horse has escaped the barn! Please secure the barn door immediately!
So Govt Can Hack Phones But Not Ransomware (Score:2)
Re:So Govt Can Hack Phones But Not Ransomware (Score:4, Insightful)
Have you ever thought that the government is running the ransomware gang? It's more or less the same as the IRS. Unfortunately the woman at the IRS running the scheme plead the 5th Amendment before Congress, before she jumped out of Tante Ju with a golden parachute . . .
Interesting (Score:4, Interesting)
I happened to be watching broadcast TV yesterday and I saw a PSA put on by some kind of law enforcement organization.
The PSA was about public wifi hotspots and told people to turn off their wifi when they leave the house and if you do connect to a public wifi hotspot, don't do e-commerce or other sensitive transactions.
I was floored. It was such a good and informative message I couldn't believe its source.
Perhaps there is a governmental push for these types of messages now...
No Ransomware at THIS Hospital (Score:2)
Obligatory loosely-related Monty Python bit [youtube.com]: Now I know some hospitals where you get the patients lying around in bed... well that's not how we do things here, right!
No discussion of what kinds of OS are vulnerable (Score:1)
Why not, CERT? Don't you think this is relevant?
Can someone tell me (Score:2)
what a SLASHVERTISEMENT is?
Re: (Score:3)
Alright! Now /. is being more clear with their advertising.
Although I didn't expect to find out that every single post was paid.
SLASHVERTISEMENT: What /. users call paid (aka sponsored) posts that are not identified as such...Except today!
Re: (Score:2)
It's simply an anagram for "Heavers Smelt Nits." (Isn't that mostly what we do here?)
Re: (Score:2)
Or maybe it's a commentary on Candidate Trump, and Former Candidate Rubio for trying to beat him at his own game: "Statesmen Shrivel"
Re: (Score:2)
Or maybe part of the endless Vim vs. Emacs debate: Vim fans tout "the Vim's alertness" and Emacs folks, tired of hearing it, respond with "threaten less Vims" and are relieved to hear that The Prophet Stallman "reseals tenth Vims" just in time to avert the coming apocalypse.
STOP USING XP (Score:4, Informative)
I for one refuse to work for hospitals. Not only do they treat IT like plumbers and do not respect them if they have no PhD, but they run XP SP 2 ... SP 3 might be ready someday??! They use IE 6 and IE 7. Their Cisco routers are turn of the century and still BSD Unix based.
Oh and it is IT's fault if they get ransomware.
The whole FDA certification created this mess! But worse, insurance companies are nickel-and-diming their budgets. If XP works DON'T touch it.
If people used Windows 8/10 (yeah it looks funny boo hiss) with secureboot it wouldn't load half of these ransomware as rootkits could be blocked.
A lesson here for those who use XP with no updates with a smile :-) ... if it happened to them it could happen to you.
Re: (Score:2)
Most ransomware comes disguised as a legitimate email and the user is stupid enough to open the zip file, run the javascript, and then ok the .exe file that is downloaded and executed. Some basic security measures would fix this but it has zero to do with Windows.
You can't stop stupid. Especially if the employee doesn't care as he or she doesn't own the computer. If it is from a boss they will open it.
However, you can block with GPOs, security updates, modern endpoint protection AV suites, and even have ports in Cisco routers shut off during detection with network protection services.
XP is not patched. It won't be updated. You can't block everything. ASLR and sandboxing cuts back on holes. Network protection services has better support in a modern OS to prevent spr
Re: (Score:2)
What? You can filter email easily. You can also protect your environment with a proxy server with filtering. Very inexpensively (if not free) and prevent viruses from entering your old Windows XP environment.
Hello IT! This is the director of Internal Medicine WHERE DID MY PDF files from Labcorp. I have patient lives REQUIRING THIS PDFS. Get em up!
Re: (Score:1)
Medstar's infection didn't come in via email, it was a web server hack.
Re: STOP USING XP (Score:1)
That's an insult to plumbers. Most IT people are lazy and useless, don't understand the technology they are supposed to support, and have zero communication skills!
Re: STOP USING XP (Score:1)
It is IT's fault. You are the morons letting exe, bat, and other file types through to your users. In addition, you are the same IT morons who are too stupid/lazy to segment your networks. Most of those PCs are using T/S. There is no reason that the terminal server should be on the same network with the PCs.
You add no cost to segment your network but you're simply too lazy or lack education; both of which indicate you shouldn't be in the field.
Many of them I've met wouldn't even make good Walmart greete
Re: (Score:1)
The recent Medstar incident was due to an unpatched exploit in JBOSS that's been known for over a year on a public-facing web server. It had zero to do with stupid users or email. Medstar has an interim CIO whose first order of business was budget cuts. Guess which got cut first? If you said IT Security you win a cookie.
And I'm told things are a lot worse there than Medstar is saying. And critical patient records are definitely inaccessible.
Re: (Score:3)
If people used Windows 8/10 (yeah it looks funny boo hiss) with secureboot it wouldn't load half of these ransomware as rootkits could be blocked.
However, X-rays of my teeth will be sent to Microsoft Telemetry for analysis. Thanks, but no thanks.
yeah ok but running XP with a possible keylogger on the friendly receptionist entering your credit card and social security numbers is fine
Re: (Score:1)
You have one government agency telling you that you cannot update your software/systems until they are FDA certified, you have another government agency telling you that you should upgrade your systems immediately to prevent attack, you have vendors that are non-responsive when it comes to upgrading their systems because "it works", not to mention the cost to upgrade is so high. Also these systems have to be on the network to download and upload data...
Re: (Score:2)
The credit card sector figured out how to incorporate patching into their requirements - not applying regular patches means no PCI certification. The FDA has to climb into this millennium and start requiring the ongoing patching of medical systems as well. And that means everything from nurse's station PCs to ultrasound units to drug pumps.
This is how I see it (roughly estimating the numbers):
A machine with an FDA-approved configuration performs safely 99.99% or more of the time.
FDA approval is needed for
Backups? (Score:3)
No, it's not too little, too late. (Score:3)
Ransomware has been around for quite a long time. The solutions (backups, training, patching, etc.) have, too. So am I upset that DHS hasn't already issued a warning about a threat that's been around longer than DHS? No. Anybody responsible for medical IT security already knows. Now, whether they're actually allowed to do anything about it may be a different story entirely.
Wrong audience (Score:3)
Anyone who reads US-CERT alerts probably wouldn't be in their predicament to begin with.
Ban Microsoft Windows in Hospitals (Score:1)
"Microsoft excludes all implied warranties and conditions, including those of merchantability, fitness for a particular purpose, and non-infringement." ref [microsoft.com]